class SettingsController < ApplicationController
  
  before_filter :account_required, :login_required, :find_user, :ignore_normal_users
  
  def create
    if @user.update_attributes(params[:user])
      flash[:notice] = "Has been updated"
      
      # Don't show user's own comment
      unless @user.id == current_user.id
        Comment.create!(:user_id => @user.id, :body => "Your settings has been updated by #{current_user.name}")
      end
      redirect_to user_settings_path(@user.id)
    end 
  end
    
  protected
  
  def find_user
    @user = User.find_by_id(params[:user_id], :conditions => ['company_id = ?', current_account.id])
    raise ActiveRecord::RecordNotFound, "Page not found" if @user.nil?
  end
  
  # Before filter for ignoring normal users
  def ignore_normal_users
    if logged_in?
      u = current_user
      unless u.id == @user.id or admin_required or superior_required
        flash[:error] = "Error"
        redirect_to user_path(u.id)
      end
    end
  end
  
end
